Merge pull request #22154 from mayflower/refactor/phpfpm-service-per-pool

phpfpm service: one service per pool for isolation
Franz Pletz 2017-02-28 00:05:09 +01:00 committed by GitHub
commit 3c9fbfbe7f


@ -4,24 +4,25 @@ with lib;
let let
cfg = config.services.phpfpm; cfg = config.services.phpfpm;
enabled = cfg.poolConfigs != {} || cfg.pools != {};
stateDir = "/run/phpfpm"; stateDir = "/run/phpfpm";
poolConfigs = cfg.poolConfigs // mapAttrs mkPool cfg.pools;
mkPool = n: p: '' mkPool = n: p: ''
[${n}]
listen = ${p.listen} listen = ${p.listen}
${p.extraConfig} ${p.extraConfig}
''; '';
cfgFile = pkgs.writeText "phpfpm.conf" '' fpmCfgFile = pool: poolConfig: pkgs.writeText "phpfpm-${pool}.conf" ''
[global] [global]
error_log = syslog error_log = syslog
daemonize = no daemonize = no
${cfg.extraConfig} ${cfg.extraConfig}
${concatStringsSep "\n" (mapAttrsToList mkPool cfg.pools)} [${pool}]
${poolConfig}
${concatStringsSep "\n" (mapAttrsToList (n: v: "[${n}]\n${v}") cfg.poolConfigs)}
''; '';
phpIni = pkgs.runCommand "php.ini" { phpIni = pkgs.runCommand "php.ini" {
@ -119,18 +120,41 @@ in {
}; };
}; };
config = mkIf (cfg.pools != {} || cfg.poolConfigs != {}) { config = mkIf enabled {
systemd.services.phpfpm = { systemd.slices.phpfpm = {
wantedBy = [ "multi-user.target" ]; description = "PHP FastCGI Process manager pools slice";
preStart = ''
mkdir -p "${stateDir}"
'';
serviceConfig = {
Type = "notify";
ExecStart = "${cfg.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${phpIni}";
ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
};
}; };
systemd.targets.phpfpm = {
description = "PHP FastCGI Process manager pools target";
wantedBy = [ "multi-user.target" ];
};
systemd.services = flip mapAttrs' poolConfigs (pool: poolConfig:
nameValuePair "phpfpm-${pool}" {
description = "PHP FastCGI Process Manager service for pool ${pool}";
after = [ "network.target" ];
wantedBy = [ "phpfpm.target" ];
partOf = [ "phpfpm.target" ];
preStart = ''
mkdir -p ${stateDir}
'';
serviceConfig = let
cfgFile = fpmCfgFile pool poolConfig;
in {
Slice = "phpfpm.slice";
PrivateTmp = true;
PrivateDevices = true;
ProtectSystem = "full";
ProtectHome = true;
NoNewPrivileges = true;
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
Type = "notify";
ExecStart = "${cfg.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${phpIni}";
ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
};
}
);
}; };
} }
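Review bot: The new per-pool units still share one runtime directory. Every `phpfpm-${pool}` service runs `mkdir -p ${stateDir}` in its `preStart`, and `stateDir` is the fixed `/run/phpfpm`, so any sockets that pools place there sit side by side in a directory created with default permissions. The sandboxing set in `serviceConfig` (`PrivateTmp`, `ProtectSystem = "full"`, `ProtectHome`) does not separate the pools from each other in that directory. Separation there appears to depend on each pool's own `user`/`group` and `listen.owner`/`listen.mode` lines, which arrive as free-form `poolConfig` text and are not checked anywhere in the visible hunks. I would state that above `preStart`, for example `# shared by all pools; socket access is governed by listen.owner/listen.mode in each pool config`. If changing socket paths is acceptable, consider a per-pool `RuntimeDirectory = "phpfpm-${pool}";` instead of the shared `mkdir`.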